Lucene search
Veracode Vulnerability DatabaseVERACODE:26497HistoryAug 27, 2020 - 2:24 a.m.
Cross-Site Request Forgery (CSRF)
2020-08-2702:24:12
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
cross-site request forgery
csrf
post requests
authentication token
vulnerable software
EPSS
0.001
Percentile
35.4%
nodebb-plugin-blog-comments is vulnerable to cross-site request forgery (CSRF). The vulnerability exists due to the lack of authentication token for the POST requests to /comments/reply and /comments/publish in library.js.
Related
osv
osv
CVE-2020-15156
2020-08-26 19:15:14
XSS due to lack of CSRF validation for replying/publishing
2020-08-26 18:55:38
github
github
XSS due to lack of CSRF validation for replying/publishing
2020-08-26 18:55:38
githubexploit
githubexploit
Exploit for Cross-Site Request Forgery (CSRF) in Nodebb Blog Comments
2020-12-01 09:45:48
cve
cve
CVE-2020-15156
2020-08-26 19:15:14
nvd
nvd
CVE-2020-15156
2020-08-26 19:15:14
prion
prion
Cross site request forgery (csrf)
2020-08-26 19:15:00
cvelist
cvelist
CVE-2020-15156 XSS due to lack of CSRF validation for replying/publishing
2020-08-26 19:10:14